The number of protests filed by contractors in fiscal 2019 is significantly down.
The number of vendors suspended or debarred by agencies in fiscal 2018 also dropped considerably.
But what agencies and industry need to really pay attention to is the fine print in the new reports issued last week by the Government Accountability Office and the Interagency Suspension and Debarment Committee, respectively.
Let’s start with the suspension and debarment committee’s report. While the number of suspensions, proposed debarments and debarments dropped for a fourth straight year in fiscal 2018 — the latest data that the committee released in late October — that trend may be over by 2020.
Insight by Carahsoft: Learn from IT experts as they outline the significant impacts cloud and 5G have on implementing zero trust architecture in this exclusive executive briefing.
The committee created a cybersecurity subcommittee to track and report contractor compliance issues and developments.
“This should be a signal to the contractor community. Cybersecurity compliance activities are not only for national security reasons, but for the sake of your company and you need to be attentive to these requirements because noncompliance has significant ramifications,” said Fred Levy, a partner with the law firm Covington and the co-chairman of the firm’s Government Contracts Practice Group. “Anecdotally, we are handling more cyber compliance related cases. We have had debarment matters related to cyber matters and cyber as supply chain issues already. It will become an ever-increasing matter of focus as it becomes a greater item for focus for agencies.”
Levy and other procurement lawyers pointed to the “qui tam” case brought against Cisco that came to light earlier this year around cybersecurity flaws in equipment. Cisco settled the case by agreeing to pay $8.6 million.
Eric Crusius, a partner with the law firm Holland & Knight, said this is another example of how the government is concerned enough about cybersecurity that it’s attacking it on as many different angles as it can.
“It shows cyber is not just a contract administration issue anymore. It’s an issue that could render a company not fit to do business with the government,” Crusius said. “And, of course that can lead to a company going out of business. Even short of that, I wouldn’t be surprised to see cyber impacting contractor performance assessment ratings (CPARS) and resulting in termination for convenient and default.”
The Defense Department’s plan to develop and implement a cybersecurity maturity model certification will add another wrinkle to the suspension and debarment oversight.
Even if an agency receives approval from a third-party, experts say vendors are concerned about the liability of the flow-down provisions to second, third and fourth tier subcontractors.
“No one wants to be accused of not doing enough so every vendor wants to do everything so there is a bit of a gold rush of trying to make sure companies are doing everything they can to protect the data and systems,” Crusius said. “I think there are two reasons why there is this focus now. The first is it takes time for the bureaucracy to catch up after the cyber breaches. The second is what has been going with Kaspersky Lab, ZTE, and Huawei. I think the provisions were a wake-up call as was the creation of the Federal Acquisition Security Council.”
Along with the focus on cybersecurity, the suspension and debarment report also highlighted the continued increase of pre-notice letters, which has almost tripled in use over the last decade and increased by 37 since 2016.
Rob Burton, a partner with Crowell & Moring’s government contracts group and a former deputy administrator in the Office of Federal Procurement Policy, said these numbers reflecting agencies are giving vendors a better chance to explain any concerns.
“There’s never been due process at the suspension or proposed debarment stage and that’s been a real problem. The regulations have never been changed because politically it’s hard to do because it looks like you are soft on contractors,” he said. “Pre-notice letters are just a good practice. I think agencies realize it’s not fair to debar someone for a period of time without any ability to respond in a timely manner.”
Angela Styles, a partner with the law firm Akin, Gump, Strauss, Hauer and Feld and a former OFPP administrator, said the goal is not to keep companies from doing business, but for them to do business in an ethical way.
“Pre-notice letters help agencies to be more proactive versus suspension and debarment, which is really punishing companies,” she said. “It also makes for better outcomes because the agency can be more comfortable with how the company is doing business with the government.”
GAO’s annual bid protest report to Congress shows an overall decrease in the number of cases filed as well as downward trends in nearly every other category.
But the one area that didn’t increase is the number of task or delivery order bid protests. GAO reported vendors filed 373 complaints last year, up from 356 in 2018 and 256 in 2017.
Congress first gave GAO the authority to hear task or delivery order protests in the 2008 defense authorization bill.
Procurement experts didn’t agree on why the number of protests increased.
Crowell & Moring’s Burton said agencies are driving more and more procurement dollars through task orders and since unsuccessful bidders can’t protest anything under $10 million, it’s an attractive path.
Akin Gump’s Styles said she would be surprised if the protest limit is driving agency acquisition strategies.
Holland & Knight’s Crusius said the increase in task and delivery order protests comes from the basic reason that agencies are spending more money through those vehicles.
For instance, the General Services Administration reported record sales in fiscal 2018 of $68 billion, which is 23% more than in 2017. GSA expects 2019 to reach similar heights.
“I think the limit on $10 million needs to be changed,” Burton said. “I think protests are a great check on the system, especially for small companies. There are a lot of their contracts that are below that $10 million threshold, and they have no redress or recourse, and it’s unfair to these companies.”
Hunter Bennett, a counsel with Covington, said the overall drop in protests can be attributed, in part, to the new filing fee GAO instituted. GAO charges vendors $350 per protest.
“My sense is that the fee is discouraging some of the people who file protests outside the box,” he said.
At the same time, Bennett said because the overall effectiveness rate, which measures how often the protestor receives some sort of relief, whether through the agency taking corrective action or by winning the protest, remained steady at 44%, the number of protests with merit remains strong.
“Agencies are willing to take a hard look at claims raised and the agency is willing to take corrective action and take another look,” he said.